Re: [rtcweb] JSEP fingerprint hash requirements
Martin Thomson <martin.thomson@gmail.com> Tue, 22 October 2013 03:01 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 817FE11E8102 for <rtcweb@ietfa.amsl.com>; Mon, 21 Oct 2013 20:01:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.525
X-Spam-Level:
X-Spam-Status: No, score=-2.525 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1LTC2Kg1GRWB for <rtcweb@ietfa.amsl.com>; Mon, 21 Oct 2013 20:01:41 -0700 (PDT)
Received: from mail-we0-x232.google.com (mail-we0-x232.google.com [IPv6:2a00:1450:400c:c03::232]) by ietfa.amsl.com (Postfix) with ESMTP id B659F11E8104 for <rtcweb@ietf.org>; Mon, 21 Oct 2013 20:01:37 -0700 (PDT)
Received: by mail-we0-f178.google.com with SMTP id q59so7325853wes.37 for <rtcweb@ietf.org>; Mon, 21 Oct 2013 20:01:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ylMC43/KfrKvg4jM0fZUileHdb4Xj/+fVEZ2FC5XLbM=; b=nnLxhcnCZOW8MEDxn9IABjWznW+9UwDEu924vFxqIAmCtINMgAO/W1nUtKV0NYnTO2 dyM9965qQLOxZaLihfB++fIAXvBMBFM3fw6suxis0F5+thnU74cZCpV1F0M/Di6XB0pQ PkhO03CZ+5k3BIhZE2S1oOOrSdgvz0fxPpc2tXRt/n3Og/nk/dPu81asnAvtm6VcMIvR hcWKdlAt8i+Rqnss7g18UYEFCuxOt0vOPdLST2VjEUx+7o2D5BOyxEjE7PVEfrN2wy/a cfGp5K2mabMQ0vTKl+nky7z3/hNajVxWEAsZwwu8uyzXEzCKXtTGvT8h2D1gLrC9FlmR po0A==
MIME-Version: 1.0
X-Received: by 10.180.37.164 with SMTP id z4mr12527646wij.30.1382410888417; Mon, 21 Oct 2013 20:01:28 -0700 (PDT)
Received: by 10.227.202.194 with HTTP; Mon, 21 Oct 2013 20:01:28 -0700 (PDT)
In-Reply-To: <CAOJ7v-2EhkfQz-R73mosqDNppe_1-ChmYOzuqdNeZaLbi3dYUw@mail.gmail.com>
References: <CAMvTgcfvaUMWJaD5zX2rt6DWOWBgHEA-SqNtOqxs_bOqw_Ygbg@mail.gmail.com> <CABkgnnXBdQOgs9OKYRrU4wYRghj3WH30=vo-q7iSVjUub1SKow@mail.gmail.com> <CABcZeBOGjsOTXPtAFh+KR9SDQv8tEtUDE3gLvSN+f5dZ2R2R1Q@mail.gmail.com> <CABkgnnVTv4jVZkCDHWKk_X8yb3VEGBLXh+sW00OCG6RXMNkpgA@mail.gmail.com> <C5E08FE080ACFD4DAE31E4BDBF944EB123CBCA44@xmb-aln-x02.cisco.com> <CABkgnnUchE1PS+sy0U1zd8qrq5y9vqVc+4r8bZowY34Yr=6sWg@mail.gmail.com> <CAOJ7v-2EhkfQz-R73mosqDNppe_1-ChmYOzuqdNeZaLbi3dYUw@mail.gmail.com>
Date: Mon, 21 Oct 2013 20:01:28 -0700
Message-ID: <CABkgnnWo06w-VvO14f9DdhJFrEzjjV98dsvFebbgOdru1nOiWQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Justin Uberti <juberti@google.com>
Content-Type: text/plain; charset="UTF-8"
Cc: "Cullen Jennings (fluffy)" <fluffy@cisco.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] JSEP fingerprint hash requirements
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 03:01:41 -0000
On 21 October 2013 16:57, Justin Uberti <juberti@google.com> wrote: > Lacking anything else to point at, I changed the text in jsep-05 to just > reiterate the policy from 4572. Probably sensible, even if 4572 falls short. > However, it does raise the larger question of what digest (and perhaps key > length) should be used when generating certificates in WebRTC, and where > that should be specified. The main factors that affect WebRTC are the size of the RSA modulus (if we're still doing that) and the digest function used for identity validation. The first is largely a unilateral decision, once we sort out whether we want RSA or RSA + DH or one of the EC options. Currently, there is no way to get hash agility with the mechanism defined in security-arch, a problem I think we should discuss. --Martin
- [rtcweb] JSEP fingerprint hash requirements Kevin Dempsey
- Re: [rtcweb] JSEP fingerprint hash requirements Martin Thomson
- Re: [rtcweb] JSEP fingerprint hash requirements Eric Rescorla
- Re: [rtcweb] JSEP fingerprint hash requirements Martin Thomson
- Re: [rtcweb] JSEP fingerprint hash requirements Cullen Jennings (fluffy)
- Re: [rtcweb] JSEP fingerprint hash requirements Justin Uberti
- Re: [rtcweb] JSEP fingerprint hash requirements Harald Alvestrand
- Re: [rtcweb] JSEP fingerprint hash requirements Martin Thomson
- Re: [rtcweb] JSEP fingerprint hash requirements Harald Alvestrand
- Re: [rtcweb] JSEP fingerprint hash requirements Martin Thomson
- Re: [rtcweb] JSEP fingerprint hash requirements Martin Thomson
- Re: [rtcweb] JSEP fingerprint hash requirements Justin Uberti
- Re: [rtcweb] JSEP fingerprint hash requirements Martin Thomson
- Re: [rtcweb] JSEP fingerprint hash requirements Harald Alvestrand
- Re: [rtcweb] JSEP fingerprint hash requirements Eric Rescorla
- Re: [rtcweb] JSEP fingerprint hash requirements Martin Thomson